Tech Support Guy > Virus & Other Malware Removal

Solved: hello and need help please "reveton trojan"


jam1980uk (thread starter)
Member with 129 posts.
Join Date: May 2012
Location: Bolton
Experience: Beginner
11-May-2012, 05:36 PM #1
hello and need help please "reveton trojan"
Hello, I only just joined your site and I must say it's very good from what I've seen. Now, I only found this site due to having a major problem, so at least something good has come out of my "problem".
I have the West Yorkshire virus, or better called "THE REVETON TROJAN". I'm sure you've heard of it. Please can you help me? I can't do anything, can't boot in safe mode, really stuck.

Thanks in advance for any help you can offer
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
11-May-2012, 07:46 PM #2
Go here: http://www.microsoft.com/security/po...#recovery_link Scroll down to "Recovery" and follow those instructions....
jam1980uk
14-May-2012, 12:25 PM #3
Don't work
Already tried that a few times, m8. Ctrl O doesn't do anything, can't boot into safe mode, can't do anything.
kevinf80 (Kevin)
14-May-2012, 02:36 PM #4
If you have access to another system and a USB stick, do the following:

Download the Windows Defender Offline Tool and save it to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit.

Double click to run the tool. Windows 7 or Vista users: right click and select "Run as Administrator".

Read the instructions in the new window and select "Next".

In the new window accept the agreement.

In the new window select your USB Flash Drive, then select "Next".

In the new window ensure your Flash drive is selected; if not, click on "Refresh", then select "Next".

In the new window accept the formatting alert by selecting "Next".

Files will be downloaded.

Files will be processed and created.

Flash drive will be formatted and prepared.

Files will be added to the Flash Drive and the tool will be created.

The procedure is finished and the tool created; click on "Finish" to complete.

Plug the USB into the sick PC and boot up. If it does not boot from the flash drive, change the boot options as required: use F12 as it boots, change options...
As it boots you'll see files being loaded and the Windows splash screen. Eventually the tool will run a "Quick Scan"; follow the prompts and deal with what it finds.
When complete, do a full scan and deal with what it finds.
When finished, remove the USB stick, then press the Esc key to boot into regular Windows.
Navigate to the following file:
"C:\windows\windows defender offline\support\mssWrapper.log" Open with Notepad and copy and paste it into a reply.

Kevin
jam1980uk
16-May-2012, 03:10 PM #5
Hello, and thanks for your help. I'm doing a scan at the moment; the quick scan said there were 6 problems. I will update once it has done a full scan. I hope I got the name of it right; is it also known as the West Yorkshire police virus?
jam1980uk
16-May-2012, 03:18 PM #6
Did a full scan. It nearly finished, then I got the blue screen of death.
kevinf80 (Kevin)
16-May-2012, 03:40 PM #7
Will it re-boot to Windows?
jam1980uk
16-May-2012, 06:08 PM #8
Can I first of all start by saying you're awesome, thank you so much. After I did another full scan I rebooted my comp and it booted up great. I got this info, hope it's the right stuff..

ERRORS_ONLY=0
MAX_SIZE=5120
APPEND=1
MAX_LINE_SIZE=256
-------------------------------------------------
START 2012/05/16 19:10:39:593 TID:776 PID:724
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Binary architecture is x86
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
CheckProcessorArchitecture returned 0x00000000
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Setting target OS key: "C:\Windows"
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Searching for signatures. Default signature path: ""
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Searching for signatures at root of drives...
WARNING 2012/05/16 19:10:39:593 TID:776 PID:724
Missing definitions file in 'C:\mpam-fe.exe'
WARNING 2012/05/16 19:10:39:593 TID:776 PID:724
Missing definitions file in 'D:\mpam-fe.exe'
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Found definitions file in 'E:\mpam-fe.exe'
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Using signature path: "E:\mpam-fe.exe"
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
SearchForSignatures returned 0x00000000
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Initializing offline environment and service...
INFO 2012/05/16 19:10:57:515 TID:776 PID:724
Launching user interface...
INFO 2012/05/16 19:10:57:531 TID:776 PID:724
Launched UI, waiting...
START 2012/05/16 19:32:16:484 TID:780 PID:728
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Binary architecture is x86
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
CheckProcessorArchitecture returned 0x00000000
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Setting target OS key: "C:\Windows"
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Searching for signatures. Default signature path: ""
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Searching for signatures at root of drives...
WARNING 2012/05/16 19:32:16:484 TID:780 PID:728
Missing definitions file in 'C:\mpam-fe.exe'
WARNING 2012/05/16 19:32:16:484 TID:780 PID:728
Missing definitions file in 'D:\mpam-fe.exe'
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Found definitions file in 'E:\mpam-fe.exe'
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Using signature path: "E:\mpam-fe.exe"
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
SearchForSignatures returned 0x00000000
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Initializing offline environment and service...
INFO 2012/05/16 19:32:34:390 TID:780 PID:728
Launching user interface...
INFO 2012/05/16 19:32:34:406 TID:780 PID:728
Launched UI, waiting...
START 2012/05/16 20:24:01:656 TID:784 PID:732
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Binary architecture is x86
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
CheckProcessorArchitecture returned 0x00000000
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Setting target OS key: "C:\Windows"
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Searching for signatures. Default signature path: ""
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Searching for signatures at root of drives...
WARNING 2012/05/16 20:24:01:656 TID:784 PID:732
Missing definitions file in 'C:\mpam-fe.exe'
WARNING 2012/05/16 20:24:01:656 TID:784 PID:732
Missing definitions file in 'D:\mpam-fe.exe'
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Found definitions file in 'E:\mpam-fe.exe'
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Using signature path: "E:\mpam-fe.exe"
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
SearchForSignatures returned 0x00000000
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Initializing offline environment and service...
INFO 2012/05/16 20:24:19:468 TID:784 PID:732
Launching user interface...
INFO 2012/05/16 20:24:19:484 TID:784 PID:732
Launched UI, waiting...
INFO 2012/05/16 22:48:53:359 TID:784 PID:732
Wait finished (UI signaled)
INFO 2012/05/16 22:48:53:359 TID:784 PID:732
RunCallisto returned 0x00000000



But a lot of my files and folders are LOCKED??? How do I get round this, please? And thanks so much, you're a diamond.
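
The mssWrapper.log posted above records three START sessions, and only the last one logs "Wait finished (UI signaled)". As an added example (not part of the original thread, and not a Microsoft tool), this Python parser groups such a log into sessions and flags unfinished runs, warnings and failing HRESULTs; the sample input is constructed from lines of that log, and reading a missing "Wait finished" record as an unfinished run is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: records copied from the log posted above, trimmed to two
# of its sessions. Each record is a header line followed by a message line.
SAMPLE = r"""START 2012/05/16 19:10:39:593 TID:776 PID:724
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
WARNING 2012/05/16 19:10:39:593 TID:776 PID:724
Missing definitions file in 'C:\mpam-fe.exe'
INFO 2012/05/16 19:10:57:531 TID:776 PID:724
Launched UI, waiting...
START 2012/05/16 20:24:01:656 TID:784 PID:732
INFO 2012/05/16 20:24:19:484 TID:784 PID:732
Launched UI, waiting...
INFO 2012/05/16 22:48:53:359 TID:784 PID:732
Wait finished (UI signaled)
INFO 2012/05/16 22:48:53:359 TID:784 PID:732
RunCallisto returned 0x00000000
"""
HEADER = re.compile(r"^([A-Z]+) (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d:\d{3}) TID:\d+ PID:(\d+)$")
RETURNED = re.compile(r"^(.+) returned (0x[0-9A-Fa-f]{8})$")

def summarize(text):
    """Group records into sessions (one per START line) and summarize each."""
    sessions, header = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            level, stamp, pid = m.groups()
            when = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S:%f")
            if level == "START":
                sessions.append({"pid": int(pid), "start": when, "end": when,
                                 "warnings": [], "failed": [], "completed": False})
            header = None if level == "START" else (level, when)
        elif header and sessions:  # message line for the preceding header
            level, when = header
            s, header = sessions[-1], None
            s["end"] = when
            if level == "WARNING":
                s["warnings"].append(line)
            r = RETURNED.match(line)
            # An HRESULT with the top bit set is a failure code.
            if r and int(r.group(2), 16) & 0x80000000:
                s["failed"].append(r.groups())
            # Assumption: no "Wait finished" record means the run never ended cleanly.
            s["completed"] |= line.startswith("Wait finished")
    return sessions

if __name__ == "__main__":
    for s in summarize(SAMPLE):
        print(s["pid"], s["end"] - s["start"], s["completed"], s["failed"], s["warnings"])
```

The one failing code in the sample, 0x80070003, is the Win32 "path not found" error wrapped as an HRESULT, which is what a probe for SysWOW64 returns on a 32-bit Windows install.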
kevinf80 (Kevin)
16-May-2012, 06:22 PM #9
Can you run DDS and post the two logs...
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kevin
jam1980uk
17-May-2012, 12:29 PM #10
Can I put this on USB, and can you tell me a good free AV please?
kevinf80 (Kevin)
17-May-2012, 02:51 PM #11
Do you want to d/l and transfer DDS to the sick PC via USB stick? If so, then yes.

What exactly is the status of the sick PC? What is the OS: XP, Vista or Windows 7? Is it 32 or 64 bit? Do you have Malwarebytes installed? Does it have an internet connection?
jam1980uk
17-May-2012, 08:23 PM #12
It's XP 32 and it did have wireless, but with the virus it's knocked the drivers off, and no, I don't have Malwarebytes.
kevinf80 (Kevin)
18-May-2012, 02:42 AM #13
Thanks for the information, OK do the following:

Step 1

Go Here and download DDS and save to your Desktop, this is a special version.

(You can transfer this to the sick PC via USB)

As you save the file re-name to DDS.com.

Double click to run the program, Vista or Windows 7 users will have to accept the UAC alert.

The screen will go red and you will see the following window:



Expand "Advanced" check the boxes as shown, select start.

Post the logs when it completes....

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
  • Internet Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Let me see those logs..

Kevin
jam1980uk
18-May-2012, 03:51 PM #14
Don't believe this, oh I hate computers lol. I haven't turned the comp on since I messaged you the log file the other day. I told you I got the blue screen, then redid the scan, managed to get onto the comp, got the log file, messaged you, turned off the computer. Just tried to start the comp but my monitor won't come on; must have wiped the driver for it. Any ideas please?
kevinf80 (Kevin)
18-May-2012, 05:16 PM #15
Will it boot to safe mode? Do you have your XP installation CD?